UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 09/900,001
FILING DATE: 07/05/2001
FIRST NAMED INVENTOR: Mark J. McArdle
ATTORNEY DOCKET NO.: 002114.P021
CONFIRMATION NO.: 5140

28875 7590 07/14/2005

Zilka-Kotab, PC
P.O. BOX 721120
SAN JOSE, CA 95172-1120

EXAMINER: MOORTHY, ARAVIND K
ART UNIT: 2131
PAPER NUMBER:

DATE MAILED: 07/14/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 




Office Action Summary

Application No.: 09/900,001
Applicant(s): MCARDLE ET AL.
Examiner: Aravind K. Moorthy
Art Unit: 2131

-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address --
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 28 April 2005.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.
3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) [X] Claim(s) 1,2,4-14, 16-26 and 28-42 is/are pending in the application.
4a) Of the above claim(s) is/are withdrawn from consideration.
5) [ ] Claim(s) is/are allowed.
6) [X] Claim(s) 1,2,4-14, 16-26 and 28-42 is/are rejected.
7) [ ] Claim(s) is/are objected to.
8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers

9) [ ] The specification is objected to by the Examiner.
10) [X] The drawing(s) filed on 05 July 2001 is/are: a) [X] accepted or b) [ ] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:
1. [ ] Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No. .
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION

1. This is in response to the amendment filed on 28 April 2005.

2. Claims 1, 2, 4-14, 16-26 and 28-42 are pending in the application.

3. Claims 1, 2, 4-14, 16-26 and 28-42 have been rejected. 

4. Claims 3, 15 and 27 have been cancelled. 

Response to Arguments 

5. Applicant's arguments with respect to claims 1, 2, 4-14, 16-26 and 28-39 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC § 103 
The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

6. Claims 1, 2, 4-14, 16-26 and 28-42 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Nikander et al U.S. Patent No. 6,253,321 B1 in view of Gitlin et al U.S.
Patent No. 6,757,841 B1.

As to claims 1 and 5, Nikander et al discloses intercepting a portion of outgoing network 
data characteristic of the operating system [column 5, lines 41-53]. 

Nikander et al does not teach masking the portion of outgoing network data to 
impersonate a different operating system in accordance with a security policy if the network is an 
untrusted network. Nikander et al does not teach replacing the portion of outgoing network data 
with data characteristic of the different operating system. 

Gitlin et al teaches impersonating a different operating system in accordance with a
security policy if the network is an untrusted network [column 3, lines 9-65]. Gitlin et al teaches 
replacing the portion of outgoing network data with data characteristic of the different operating 
system [column 3, lines 9-65]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the
time the invention was made to have modified Nikander et al so that the firewall would have
masked the portion of outgoing network data to impersonate a different operating system in
accordance with a security policy if the network is an untrusted network.

It would have been obvious to a person having ordinary skill in the art at the time the
invention was made to have modified Nikander et al by the teaching of Gitlin et al because
certain operating systems are more vulnerable to attacks. Therefore, if it were an untrusted network,
you would not want an outsider to penetrate your operating system.

As to claims 2, 14 and 26, Nikander teaches discarding the portion of outgoing network 
data [column 7, lines 39-67]. 

As to claims 4 and 16, Nikander teaches that the security policy identifies the portion of 
outgoing network data and specifies an action to take to mask the portion of outgoing network 
data [column 8, lines 1-12]. 

As to claims 6, 18 and 39, Nikander teaches that the security policy further defines the 
network as untrusted [column 8, lines 1-12]. 

As to claims 7, 19 and 29, Nikander teaches receiving the security policy through the 
network [column 8, lines 1-12]. 

As to claims 8, 20 and 30, Nikander teaches modifying the security policy based on user
input [column 8, lines 57-67]. 

As to claims 9, 21 and 28, Nikander teaches transmitting the portion of outgoing network 
data unchanged if the network is a trusted network [column 7, lines 39-67]. 

As to claims 12, 24 and 32, Nikander teaches that the method is integrated into a firewall 
that protects the computer [column 5, lines 54-67]. 

As to claims 13 and 17, Nikander et al discloses intercepting a portion of outgoing 
network data characteristic of the operating system [column 5, lines 41-53]. 

Nikander et al does not teach masking the portion of outgoing network data to 
impersonate a different operating system in accordance with a security policy if the network is an 
untrusted network. Nikander et al does not teach replacing the portion of outgoing network data 
with data characteristic of the different operating system. 

Gitlin et al teaches impersonating a different operating system in accordance with a 
security policy if the network is an untrusted network [column 3, lines 9-65]. Gitlin et al teaches 
replacing the portion of outgoing network data with data characteristic of the different operating 
system [column 3, lines 9-65]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the
time the invention was made to have modified Nikander et al so that the firewall would have
masked the portion of outgoing network data to impersonate a different operating system in
accordance with a security policy if the network is an untrusted network.

It would have been obvious to a person having ordinary skill in the art at the time the
invention was made to have modified Nikander et al by the teaching of Gitlin et al because
certain operating systems are more vulnerable to attacks. Therefore, if it were an untrusted network,
you would not want an outsider to penetrate your operating system.

As to claims 10, 22, 31, 37 and 38, Nikander teaches the method further comprising: 

intercepting a portion of incoming network data, as discussed above; and 
sending a false response to the portion of incoming network data to 
impersonate the different operating system in accordance with the security policy 
if the network is an untrusted network [column 7, lines 39-67]. 

As to claims 11 and 23, Nikander teaches that the security policy identifies the
portion of incoming network data and the false response [column 7, lines 39-67].

As to claims 25 and 33, Nikander et al discloses intercepting a portion of outgoing 
network data characteristic of the operating system [column 5, lines 41-53]. 

Nikander et al does not teach masking the portion of outgoing network data to 
impersonate a different operating system in accordance with a security policy if the network is an 
untrusted network. Nikander et al does not teach replacing the portion of outgoing network data 
with data characteristic of the different operating system. 

Gitlin et al teaches impersonating a different operating system in accordance with a 
security policy if the network is an untrusted network [column 3, lines 9-65]. Gitlin et al teaches 
replacing the portion of outgoing network data with data characteristic of the different operating 
system [column 3, lines 9-65]. 

Therefore, it would have been obvious to a person having ordinary skill in the art at the
time the invention was made to have modified Nikander et al so that the firewall would have
masked the portion of outgoing network data to impersonate a different operating system in
accordance with a security policy if the network is an untrusted network.

It would have been obvious to a person having ordinary skill in the art at the time the
invention was made to have modified Nikander et al by the teaching of Gitlin et al because
certain operating systems are more vulnerable to attacks. Therefore, if it were an untrusted network,
you would not want an outsider to penetrate your operating system.

As to claims 34-36, Nikander et al discloses intercepting a portion of outgoing network 
data characteristic of the operating system [column 5, lines 41-53]. 

Nikander et al does not teach masking the portion of outgoing network data to 
impersonate a different operating system in accordance with a security policy if the network is an 
untrusted network. Nikander et al does not teach replacing the portion of outgoing network data 
with data characteristic of the different operating system. 

Gitlin et al teaches impersonating a different operating system in accordance with a 
security policy if the network is an untrusted network [column 3, lines 9-65]. Gitlin et al teaches 
replacing the portion of outgoing network data with data characteristic of the different operating 
system [column 3, lines 9-65].

Therefore, it would have been obvious to a person having ordinary skill in the art at the
time the invention was made to have modified Nikander et al so that the firewall would have
masked the portion of outgoing network data to impersonate a different operating system in
accordance with a security policy if the network is an untrusted network.

It would have been obvious to a person having ordinary skill in the art at the time the
invention was made to have modified Nikander et al by the teaching of Gitlin et al because
certain operating systems are more vulnerable to attacks. Therefore, if it were an untrusted network,
you would not want an outsider to penetrate your operating system.

As to claim 40, Gitlin et al teaches that the security policy contains data on a plurality of 
different operating systems for allowing the portion of outgoing network data to impersonate any 
one of the plurality of different operating systems [column 3, lines 9-65]. 

As to claim 41, Gitlin et al teaches that each of the different operating systems included 
in the plurality of different operating systems is assigned a specific untrusted network for 
masking the portion of outgoing data according to the untrusted network [column 3, lines 9-65].

As to claim 42, Nikander et al teaches that the false response is sent if the operating 
system would normally not respond to the incoming network data [column 5, lines 54-67]. 

Conclusion

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Aravind K. Moorthy whose telephone number is 571-272-3793. 
The examiner can normally be reached on Monday-Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz R. Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



Aravind K Moorthy 
July 6, 2005 



